|
|
|
|
| Компьютерный форум OSzone.net » Программирование, базы данных и автоматизация действий » Скриптовые языки администрирования Windows » PowerShell - [решено] \\?\ для сетевой шары |
|
|
PowerShell - [решено] \\?\ для сетевой шары
|
Ветеран Сообщения: 992 |
Есть скрипт на ПоШе для проверки прав на некоторых папках. Т.к. встречаются папки с чертовски длинными путями (больше 260 символов) пришлось использовать префикс \\?\ как рекомендовано вот здесь. Для локальной папки (например \\?\d:\temp\) все отрабатывает идеально, а вот на сетевой спотыкается. Или я не правильно указываю путь (указывал так: \\?\server\shares\). Что я делаю не так?
|
|
|
Отправлено: 19:09, 31-01-2018 |
Ветеран Сообщения: 5380
|
Профиль | Отправить PM | Цитировать Цитата Elven:
|
|
|
------- Отправлено: 19:41, 31-01-2018 | #2 |
|
Ветеран Сообщения: 992
|
Профиль | Сайт | Отправить PM | Цитировать Казбек, это тогда весь скрипт выкладывать/смотреть.
скрипт
Код:
 clear
####################
#pobieranie uprawnien
function get-perm($permission)
{
$acl.Access.GetEnumerator() | where {$_.IdentityReference -like "do*"} | % {
$user = $_.IdentityReference
$perm = $_.FileSystemRights
if ($perm -like $permission)
{
#$p += echo $user.ToString()
if ($_.IsInherited -eq $true )
{$p += echo "<font color="blue">$user</font>"}
else
{$p += echo $user.ToString()}
if ($_.AccessControlType -like 'Deny' )
{$p += echo "<font color="red">(-)</font>"}
$p += echo "; "
}
}
switch($permission)
{
"*FullControl*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">FullAccess:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Modify*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Modify:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Read*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadOnly:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Delete*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Delete:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*AppendData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">AppendData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ChangePermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ChangePermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*CreateDirectories*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateDirectories:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*CreateFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*DeleteSubdirectoriesAndFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">DeleteSubdirectoriesAndFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ExecuteFile*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ExecuteFile:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ListDirectory*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ListDirectory:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadAndExecute*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAndExecute:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadPermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadPermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*TakeOwnership*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">TakeOwnership:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Synchronize*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Synchronize:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Traverse*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Traverse:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Write*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Write:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
}
}
##################
$start = Get-Date
$report = 'D:\temp\report.html'
Remove-Item $report -ErrorAction SilentlyContinue
$sciezka2 = "\\fs\logs"
$sciezka = Read-Host "podaj ścieźkę: "
$OnlyFolder = Read-Host "Skanować tylko foldery? (T/N) "
if($sciezka -eq $null)
{
if($OnlyFolder -eq "T" )
{
$dirs = Get-ChildItem $sciezka2 -Recurse -Exclude '*.lnk' | Where-Object { $_.PSIsContainer }
}
if($OnlyFolder -eq "N" )
{$dirs = Get-ChildItem $sciezka2 -Recurse -Exclude '*.lnk' }
}
else
{
if($OnlyFolder -eq "T" )
{
$dirs = Get-ChildItem $sciezka -Recurse -Exclude '*.lnk' | Where-Object { $_.PSIsContainer }
$sciezka2 =$sciezka
}
if($OnlyFolder -eq "N" )
{
$dirs = Get-ChildItem $sciezka -Recurse -Exclude '*.lnk'
$sciezka2 =$sciezka
}
}
echo "<head><title>Raport - Audyt uprawnień</title></head>" | Out-File $report -Append
echo "<h1 align='center'>Raport - Audyt uprawnień </h1>" | Out-File $report -Append
echo "<br>Data wygenerowania: $(get-date -DisplayHint DateTime -Format F)" | Out-File $report -Append
echo "<table border="1">" | Out-File $report -Append
$j = $dirs.Count
$i=0
######
#katalog ROOT
######
$FullAccess = $null
$ReadOnly = $null
$Modify = $null
$Delete = $null
$groupmembers =$null
#budowanie tabeli w HTML
echo "<tr> <th BGCOLOR='rgb(240,240,240)' colspan="2">" | Out-File $report -Append
echo $sciezka2 | Out-File $report -Append
echo "</th> </tr>" | Out-File $report -Append
$acl = Get-Acl $sciezka2
$Owner = $acl.Owner
echo "<tr align="left"><td width="10%">Owner:</td><td width="90%">$Owner</td></tr>" | out-file $report -append
get-perm('*FullControl*')
get-perm('*Modify*')
get-perm('*Read*')
get-perm('*Delete*')
get-perm("*AppendData*" )
get-perm("*ChangePermissions*" )
get-perm("*CreateDirectories*" )
get-perm("*CreateFiles*" )
get-perm("*DeleteSubdirectoriesAndFiles*" )
get-perm("*ExecuteFile*" )
get-perm("*ListDirectory*" )
get-perm("*ReadAndExecute*" )
get-perm("*ReadAttributes*" )
get-perm("*ReadData*" )
get-perm("*ReadExtendedAttributes*")
get-perm("*ReadPermissions*" )
get-perm("*TakeOwnership*" )
#get-perm("*Synchronize*" )
get-perm("*Traverse*" )
get-perm("*Write*" )
get-perm("*WriteAttributes*" )
get-perm("*WriteData*" )
get-perm("*WriteExtendedAttributes*" )
######
#Podkatalogi
foreach ( $dir in $dirs)
{
if($dir -notlike '*~$*')
{
$i+=1
$perc = $i/$j*100
$perc = ([Math]::Round($perc))
write-progress "Zapierdzielam..." "Zakończono: $perc %" -perc $perc
foreach ($acls in $acl)
{
$FullAccess = $null
$ReadOnly = $null
$Modify = $null
$Delete = $null
$groupmembers =$null
#budowanie tabeli w HTML
echo "<tr> <th BGCOLOR='rgb(240,240,240)' colspan="2">" | Out-File $report -Append
echo $dir.fullname | Out-File $report -Append
echo "</th> </tr>" | Out-File $report -Append
$acl = Get-Acl $dir.fullname
$Owner = $acl.Owner
echo "<tr align="left"><td width="10%">Owner:</td><td width="90%">$Owner</td></tr>" | out-file $report -append
<#
#pobieranie uprawnien
function get-perm($permission)
{
$acl.Access.GetEnumerator() | where {$_.IdentityReference -like "GH*"} | % {
$user = $_.IdentityReference
$perm = $_.FileSystemRights
if ($perm -like $permission)
{
#$p += echo $user.ToString()
if ($_.IsInherited -eq $true )
{$p += echo "<font color="blue">$user</font>"}
else
{$p += echo $user.ToString()}
if ($_.AccessControlType -like 'Deny' )
{$p += echo "<font color="red">(-)</font>"}
$p += echo "; "
}
}
switch($permission)
{
"*FullControl*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">FullAccess:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Modify*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Modify:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Read*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadOnly:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Delete*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Delete:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*AppendData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">AppendData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ChangePermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ChangePermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*CreateDirectories*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateDirectories:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*CreateFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*DeleteSubdirectoriesAndFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">DeleteSubdirectoriesAndFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ExecuteFile*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ExecuteFile:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ListDirectory*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ListDirectory:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadAndExecute*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAndExecute:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadPermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadPermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*TakeOwnership*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">TakeOwnership:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Synchronize*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Synchronize:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Traverse*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Traverse:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Write*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Write:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
}
}
#>
}
#dadac pozostrałe
get-perm('*FullControl*')
get-perm('*Modify*')
get-perm('*Read*')
get-perm('*Delete*')
get-perm("*AppendData*" )
get-perm("*ChangePermissions*" )
get-perm("*CreateDirectories*" )
get-perm("*CreateFiles*" )
get-perm("*DeleteSubdirectoriesAndFiles*" )
get-perm("*ExecuteFile*" )
get-perm("*ListDirectory*" )
get-perm("*ReadAndExecute*" )
get-perm("*ReadAttributes*" )
get-perm("*ReadData*" )
get-perm("*ReadExtendedAttributes*")
get-perm("*ReadPermissions*" )
get-perm("*TakeOwnership*" )
# get-perm("*Synchronize*" )
get-perm("*Traverse*" )
get-perm("*Write*" )
get-perm("*WriteAttributes*" )
get-perm("*WriteData*" )
get-perm("*WriteExtendedAttributes*" )
}
}
echo "</table>" | Out-File $report -Append
$end = Get-Date
$genTime = $end - $start
echo "Czas generowania: $genTime" | Out-File $report -Append
# Tworzenie Legendy
echo "<br><br><br><table border="1">" | Out-File $report -Append
echo "<tr> <th BGCOLOR='rgb(240,240,240)' colspan="2">" | Out-File $report -Append
echo "Legenda </th> </tr>" | Out-File $report -Append
echo "<tr align="left"><td >DOMAIN\User</td><td>uprawnienia przyznane (Allow)</td></tr>" | out-file $report -append
echo "<tr align="left"><td ><font color="blue">DOMAIN\User</font></td><td>uprawnienia dziedziczone</td></tr>" | out-file $report -append
echo "<tr ><td align="center" ><font color="red">(-)</font></td><td align="left">Brak uprawnień (Deny)</td></tr>" | out-file $report -append
echo "</table>" | Out-File $report -Append
ii $report
спотык
Н
Код:
евозможно вызвать метод для выражения со значением NULL.
D:\bat\ps1\audit.ps1:6 знак:4
+ $acl.Access.GetEnumerator() | where {$_.IdentityReference ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
|
|
Последний раз редактировалось Elven, 01-02-2018 в 11:23. Отправлено: 20:07, 31-01-2018 | #3 |
|
Ветеран Сообщения: 1259
|
Профиль | Отправить PM | Цитировать \\?\ - синтаксис не поддерживается в PowerShell,как для локальных, так и для UNC путей
Качайте модуль, где нет проблем с длинными путями - https://gallery.technet.microsoft.co...f-90dbb2b84e85 Или установить: Код:
PS > Find-Module NTFSSecurity Version Name Repository ------- ---- ---------- 4.2.3 NTFSSecurity PSGallery PS > Install-Module NTFSSecurity Код:
PS > get-command -module NTFSSecurity CommandType Name Version Source ----------- ---- ------- ------ Cmdlet Add-NTFSAccess 4.2.3 NTFSSecurit Cmdlet Add-NTFSAudit 4.2.3 NTFSSecurit |
|
Отправлено: 23:36, 31-01-2018 | #4 |
|
Ветеран Сообщения: 992
|
Профиль | Сайт | Отправить PM | Цитировать Kazun, спасибо. Но локально все почему-то отрабатывало, причем именно с длинным путем (больше 500 символов). Что же, буду колупать NTFSSecurity.
|
|
|
Отправлено: 11:22, 01-02-2018 | #5 |
|
Участник сейчас на форуме |
 |
Участник вне форума |
 |
Автор темы |
 |
Сообщение прикреплено |
| |||||
| Название темы | Автор | Информация о форуме | Ответов | Последнее сообщение | |
| 2008 - Монтирование сетевой шары участникам домена групповой политикой | salаm | Windows Server 2008/2008 R2 | 2 | 02-11-2016 02:06 | |
| [решено] Сетевой диск в качестве шары | mrEof | Microsoft Windows NT/2000/2003 | 0 | 02-12-2014 21:56 | |
| Установка оборудования для сетевой игры, что для этого нужно | sid34 | Хочу все знать | 12 | 21-10-2010 05:17 | |
| доменный пользователь только для доступа на шАры | Busla | Хочу все знать | 1 | 02-12-2009 17:00 | |
| Alias для шары | useratoszone | Microsoft Windows NT/2000/2003 | 1 | 17-04-2008 12:26 | |
|
|
Время: 00:37. | © OSzone.net 2001-
|
|
Powered by: vBulletin Copyright ©2000 - 2024, Jelsoft Enterprises Ltd. |
